VMware Cloud Community
PeterTaps
Contributor

ESXi Server in DMZ - How to set up multiple IP addresses?

Folks,

Here is my current configuration.

Server - ESXi 4.1 - IP 10.10.20.51. Has just one NIC card.

One VM set up with 3 static IP addresses 10.10.20.52, 10.10.20.53, 10.10.20.54. The VM is running 3 different websites on different IP addresses.

I now need to put the ESXi Server in DMZ zone such that the VM can deal with three external IP addresses, say, 60.60.60.21, 60.60.60.22 and 60.60.60.23.

I am wondering if all I need to do is just change the IP addresses within the VM. Or, do I need to reconfigure something on the ESXi Server as well?

Thank you in advance for your help.

Regards,

Peter

0 Kudos
5 Replies
PeterTaps
Contributor

I forgot to add one more thing.

Or, can I simply put the VM itself in the DMZ zone? I like this solution better if it works.

Regards,

Peter

0 Kudos
a_p_
Leadership

Even though you could do this using VLANs, I'd suggest you add another NIC and use one NIC for the management network of the ESXi host itself and the second NIC for your DMZ VM network.

André

0 Kudos
Dave_Mishchenko
Immortal

You don't want to put the ESXi management IP in the DMZ. Ideally you'll add NIC ports and create a new vSwitch. The NIC port(s) in this vSwitch will be connected to your DMZ and you'll add a virtual machine port group to the DMZ vSwitch. Then you'll edit the VM's network connection to attach to the DMZ port group. That will provide your VMs DMZ connectivity (and I'm assuming you'll have a firewall in front of these VMs). Your management IP address for ESXi can stay as is. ESXi doesn't require a management IP on the DMZ vSwitch.

0 Kudos
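The procedure in the reply above (new vSwitch, DMZ-facing uplink, VM port group, no management IP on that vSwitch), as an added example that is not part of any post in this thread. The uplink names `vmnic0`/`vmnic1`, the switch name `vSwitch1`, the port group name `DMZ` and the helper `dmz_vswitch_plan` are assumptions for illustration; the function only prints the `esxcfg-vswitch` commands so they can be reviewed before being run on the host.

```shell
#!/bin/sh
# Added example: plan a dedicated DMZ vSwitch on an ESXi 4.x host.
# vmnic0/vmnic1, vSwitch1 and "DMZ" are assumed names, not taken from the thread.

# Print the esxcfg-vswitch commands for a DMZ-only vSwitch.
# Refuses to reuse the management uplink, so the management network and the
# DMZ never share a physical NIC. No VMkernel port is created on the new
# vSwitch: the host keeps its management IP where it is.
dmz_vswitch_plan() {
    mgmt_uplink=$1; dmz_uplink=$2; vswitch=$3; portgroup=$4
    if [ -z "$mgmt_uplink" ] || [ -z "$dmz_uplink" ] ||
       [ -z "$vswitch" ] || [ -z "$portgroup" ]; then
        echo "usage: dmz_vswitch_plan MGMT_UPLINK DMZ_UPLINK VSWITCH PORTGROUP" >&2
        return 2
    fi
    if [ "$mgmt_uplink" = "$dmz_uplink" ]; then
        echo "refusing: $dmz_uplink already carries the management network" >&2
        return 1
    fi
    echo "esxcfg-vswitch -a $vswitch"                 # create the new vSwitch
    echo "esxcfg-vswitch -L $dmz_uplink $vswitch"     # uplink the DMZ-facing NIC
    echo "esxcfg-vswitch -A \"$portgroup\" $vswitch"  # add the VM port group
    echo "esxcfg-vswitch -l"                          # list the result for review
}

# Constructed sample run: management stays on vmnic0, DMZ goes on vmnic1.
dmz_vswitch_plan vmnic0 vmnic1 vSwitch1 DMZ
```

After the port group exists, the VM's network adapter is pointed at it in the VM's settings, and the three external addresses are configured inside the guest.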
mrksiddiqui
Enthusiast

Create a new network (vmDMZ) and attach the physical NIC assigned to this vmDMZ to the DMZ. Attach the VM that needs access to the DMZ to this vmDMZ.

dmz->vmDMZ<-VM

If this helps answer your question please consider awarding points!
0 Kudos
bulletprooffool
Champion

Morning Peter,

I really cannot recommend highly enough that you get extra NICs in this host, for security reasons.

You want to physically segregate the VMs from the storage and management.

Either way, any of the above options is valid.

There is a very good whitepaper on VMware in the DMZ available at:

http://www.vmware.com/files/pdf/dmz_virtualization_vmware_infra_wp.pdf

This will run you through the 3 options to consider. I'd get your networks and security teams on board though to discuss the options.

If you are unable to get budget for another NIC, but already have firewalls in place, consider some sort of a NATed arrangement.

One day I will virtualise myself . . .
0 Kudos